Include screenshots using domain name and 'Host' header when using nmap XML #192

Open
soutzis opened this issue Jul 21, 2023 · 7 comments

@soutzis

soutzis commented Jul 21, 2023

Is your feature request related to a problem? Please describe.
When using nmap's XML output file, there doesn't seem to be an option for using the values between the tags for taking additional screenshots.

Describe the solution you'd like
It is very common for a web application to require the 'Host' header in order to serve the web application to the client, especially with servers that have multiple virtual hosts. It would be great if gowitness also took screenshots of the web application using its domain name and adding the 'Host' header automatically, all based on the values (if they exist) between the 'hostnames' tags in the nmap xml file.

For example, let's say I used nmap to scan ip 7.7.7.7 and output the results in xml format using the -oX switch.
It would be really great if gowitness had the capability to issue the http/https requests with the corresponding 'Host' header in each request, based on the tag values. So instead of sending 2 requests by default, it would send 4 requests.

Since the functionality for parsing Nmap's XML files already exists, I assume that it would be quick and easy to implement.

@leonjza
Member

leonjza commented Sep 15, 2024

Not 100% certain I understand, is this related to #189? If the tag you're referring to means Chrome will normally resolve and connect to it, then I'm happy to take a PR for this addition!

@soutzis
Author

soutzis commented Sep 15, 2024

> Not 100% certain I understand, is this related to #189? If the tag you're referring to means Chrome will normally resolve and connect to it, then I'm happy to take a PR for this addition!

Yes, it looks like this is the same issue. I created a workaround by manipulating the xml output with a custom script, replacing the ip address with the appropriate vhost value.

@leonjza
Member

leonjza commented Sep 15, 2024

Can you show me an example? May be possible to the logic from your script, triggered by a flag.

@soutzis
Author

soutzis commented Sep 15, 2024 via email

@marksteward

Being able to scan a list of IPs with a set of vhosts would be extremely useful. I can't think how to reliably do this with "networking related hacks". Something like curl's --resolve would be ideal as an interface.

@leonjza
Member

leonjza commented Sep 19, 2024

Using the go-rod driver we can use a network hijack, but in my testing it brings us back to the type of issues we had in gowitness 2 with the preflighter given the standard golang dialer under the hood.

@marksteward

marksteward commented Sep 19, 2024

Ahh, thanks, I'll see what I can find out then. I have a bit of time to dig into this sort of thing right now.

I suppose worst case I could spin up a number of SOCKS proxies (I want to be able to scan different vhosts for the same IP in parallel).
